<?php
session_start();
require_once 'php_includes.php';

// Authentication gate: runs before any HTML is sent. checkLogin() is not defined in
// this file (presumably php_includes.php); confirm that it stops the request, rather
// than only printing a message, when nobody is logged in.
checkLogin();
// NOTE(review): an earlier comment here said the user must be a manager, but no role
// check follows. This page changes the caller's own password, so the comment looks
// like a copy-paste leftover rather than a missing check.

?>  

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
  <head>
    <title>Payroll and Timesheet Management Website</title>
    <link rel="stylesheet" type="text/css" href="styles.css"/>
  </head>
  <body>
	<?php /* Shared page header; writeHeader() is defined outside this file (presumably php_includes.php). */ writeHeader(); ?>
	<p>
	<span class="pageheader">Add Employee Result</span><br/>
<?php
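// Change the logged-in employee's password: verify the current password,
// validate the new one, then store it.
//
// SECURITY NOTE(review): Employee.EmployeePassword is stored and compared in
// plaintext. Moving to password_hash()/password_verify() needs a coordinated
// change to the login code plus a data migration, so it is flagged here
// rather than changed on this page alone.
// NOTE(review): the mysql_* extension was removed in PHP 7; mysqli or PDO
// prepared statements would replace the manual escaping used below.

// Open the connection once and keep the link for the calls that need it.
$con = sqlConnect();

// A field posted as name[] arrives as an array; accept plain strings only.
$oldPass = (isset($_POST['old_pass']) && is_string($_POST['old_pass'])) ? $_POST['old_pass'] : '';
$newPass = (isset($_POST['new_pass1']) && is_string($_POST['new_pass1'])) ? $_POST['new_pass1'] : '';

// The ID is placed into SQL text, so force it to an integer first.
// Assumes EmployeeID is an integer key (the original query used it unquoted) - confirm.
$id = isset($_SESSION['tmsUserID']) ? (int) $_SESSION['tmsUserID'] : 0;

$sqlresult = sqlQuery('select EmployeePassword from Employee where EmployeeID = ' . $id);

// mysql_result() warns and returns false when there is no row; treat a
// missing row as a failed verification instead of comparing against false.
$stored = ($sqlresult && mysql_num_rows($sqlresult) > 0) ? mysql_result($sqlresult, 0, 0) : false;

// Verify that the user knows the current password. Strict comparison is
// required: with == / != PHP compares numeric-looking strings as numbers,
// so "1e3" would match "1000".
if ($stored === false || (string) $stored !== $oldPass)
{
	exit("<p><font color=red>ERROR!</font> You have entered an wrong Old Password! <br> Click <a href=\"controlpanel.php\">here</a> to go back.</p>");
}

// The new password must differ from the old one (strict, for the same reason).
if ($oldPass === $newPass)
{
	exit("<p>Please choose a new password! <br> Click <a href=\"controlpanel.php\">here</a> to go back.</p>");
}

// A new password is required. empty() also rejects the string "0", as before.
// NOTE(review): this link targets control.php while the others use controlpanel.php - confirm.
if (empty($newPass))
{
	exit("<p>You must enter values in all fields of the Cotrol form! <br> Click <a href=\"control.php\">here</a> to go back.</p>");
}

mysql_select_db("titans", $con);

// The password is user input going into a quoted SQL string: escape it for
// this connection so quotes in the value cannot alter the statement.
$pass = mysql_real_escape_string($newPass, $con);

// Store the new password.
// NOTE(review): sqlQuery()'s failure behaviour is not visible here; if it can
// return false, check $sqlUp before reporting success.
$sqlUp = sqlQuery("update Employee set EmployeePassword = '$pass' where EmployeeID = '$id'");
echo "Password Updated Successfully.<br> Click <a href=\"main.php\">here</a> to go home.";

// Close the connection once; the original called sqlExit() twice on this path.
sqlExit();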
?> 

